2021-09-08 | FireEye | Lee Foster, Ryan Serabian
Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
2021-09-03 | FireEye | Adrian Sanchez Hernandez, Alex Pennino, Andrew Rector, Brendan McKeague, Govand Sinjari, Harris Ansari, John Wolfram, Joshua Goddard, Yash Gupta
PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers
CHINACHOPPER HTran
2021-09-01 | FireEye | Adrien Bataille, Blaine Stancill
Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth
PRIVATELOG STASHLOG
2021-08-18 | FireEye | Aaron Stephens
Detecting Embedded Content in OOXML Documents
2021-08-10 | FireEye | Israel Research Team, U.S. Threat Intel Team
UNC215: Spotlight on a Chinese Espionage Campaign in Israel
HyperBro HyperSSL MimiKatz
2021-08-04 | FireEye | Doug Bienstock, Josh Madeley
Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild
2021-06-16 | FireEye | Jared Wilson, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean, Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
Cobalt Strike SMOKEDHAM
2021-05-27 | FireEye | Dan Perez, Emiel Haeghebaert, Greg Wood, Sarah Jones, Stephen Eckels
Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices
UNC2630 UNC2717
2021-05-25 | FireEye | Daniel Kapellmann Zafra, Keith Lunden, Nathan Brubaker
Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises
2021-05-11 | FireEye | Alyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce, Kimberly Goody
Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide
2021-05-04 | FireEye | Dimiter Andonov, Nick Richard
The UNC2529 Triple Double: A Trifecta Phishing Campaign
DOUBLEBACK
2021-04-29 | FireEye | Justin Moore, Raymond Leong, Tyler McLellan
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Cobalt Strike FiveHands HelloKitty
2021-04-28 | FireEye | Alden Wahlstrom, Ben Read, David Mainor, Gabby Roncone, Lee Foster, Lindsay Smith, Sam Riddell
Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021-04-27 | FireEye | Doug Bienstock
Abusing Replication: Stealing AD FS Secrets Over the Network
2021-04-20 | FireEye | Alex Pennino, Chris DiGiamo, Josh Fleischer
Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise
2021-04-20 | FireEye | Dan Perez, Dimiter Andonov, Greg Wood, Jacob Thompson, Jonathan Lepore, Josh Triplett, Joshua Villanueva, Regina Elwell, Sarah Jones, Stephen Eckels, Stroz Friedberg
Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021-04-20 | GitHub (fireeye) | FireEye, Mandiant
FireEye Mandiant PulseSecure Exploitation Countermeasures
2021-03-31 | FireEye | David Via, Scott Runnels
Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service
2021-03-04 | FireEye | Andrew Thompson, Chris DiGiamo, Matt Bromiley, Robert Wallace
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
CHINACHOPPER HAFNIUM
2021-03-04 | FireEye | Ben Read, Jonathan Leathery, Lindsay Smith
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
UNC2452